Enterprise-Level cyber situation awareness

Xiaoyan Sun, Jun Dai, Anoop Singhal, Peng Liu

Research output: Chapter in Book/Report/Conference proceeding › Chapter

2 Citations (Scopus)

Abstract

This chapter begins with a literature review of situation awareness (SA) concepts and a study of how to apply SA to the cyber domain for enterprise-level network security diagnosis. Finding that an isolation problem exists between the individual perspectives offered by different technologies, the chapter introduces a cyber SA model named SKRM, proposed to integrate these isolated perspectives into a single framework. Building on one of the SKRM layers, the Operating System Layer, the chapter presents a runtime system named Patrol that reveals zero-day attack paths in enterprise-level networks. To overcome the limitations of Patrol and achieve better accuracy and efficiency, the chapter further illustrates the use of Bayesian Networks at the operating-system level to reveal zero-day attack paths in a probabilistic way.

Original language: English (US)
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher: Springer Verlag
Pages: 66-109
Number of pages: 44
DOI: 10.1007/978-3-319-61152-5_4
State: Published - Jan 1 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10030
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Sun, X., Dai, J., Singhal, A., & Liu, P. (2017). Enterprise-Level cyber situation awareness. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 66-109). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10030). Springer Verlag. https://doi.org/10.1007/978-3-319-61152-5_4